Sr. Ethical Hacking Analyst-Application Security

penetration testing, audit, security reviews
Full Time
Depends on Experience
Work from home not available Travel required to 10%.

Job Description

Job Purpose

As a member of Jackson's Ethical Hacking Team, the Senior Ethical Hacking Analyst provides technical leadership required to assess applications and infrastructure for exploitable vulnerabilities. The senior analyst will stay informed of advances in attacker techniques and provide feedback for improvements to tools and processes as needed. The senior analyst ensures that process and procedures are efficient and compliant with standards. The senior analyst ensures that all reports and metrics accurately document the details of vulnerabilities, their potential impact, and suggested remediation needed to manage risk. Additionally, the senior analyst leads efforts and engagements with third party vendors when required to ensure that Jackson's overall security posture is sound. Coordinates with other departments and teams to evolve information security alignment with company goals and objectives.

 

Essential Job Duties & Responsibilities

  • Performs remediation testing and reporting through the application of expert ethical hacking and penetration techniques in a fast-paced, highly technical environment.
  • Performs web application, network, mobile application, and infrastructure Penetration Tests.
  • Perform security reviews of architecture, application design, and source code
  • Performs manual and dynamic application testing.
  • Communicates information, suggestions, and/or problems regarding project status and critical findings to stakeholders.
  • Identifies, develops, and documents in detail security issues and recommendations.
  • Leads Third Party Penetration testing efforts.
  • Coordinates with other functional groups involved in Information Security, Risk, Security Architecture and Software Development teams.
  • Conducts threat analysis and threat modeling, as well as creation of misuse cases and definition of threat actors for systems.
  • Provides technical support to Business Leaders.
  • Assists with procuring, managing, and training for operational infrastructure associated with Red Team types of attack platforms.
  • Performs research of emerging technologies and design frameworks and capabilities required to perform penetration test exercises of new technologies adopted by Jackson.
  • Manages enterprise Web Application Firewall and other tools required by team.
  • Requires comprehensive knowledge and mastery in assigned areas applying skills and competencies in challenging and complex situations.
  • Creates or maintains the Ethical Hacking program process and documentation.
  • Ensures Ethical Hacking reporting metrics are accurate and delivered in a timely matter.
  • Provides ad hoc reports as directed by leadership.
  • Leads security improvements projects that include departments outside information security.
  • Works alongside Jackson’s Security Operation Center (SOC) staff to build new monitoring capabilities based on threat and ethical hacking findings.
  • Integrates EHA findings into Jackson’s Vulnerability Threat Management Program.
  • Maintains confidentiality on all sensitive security matters.

 

Other Duties

  • Other duties as assigned.

 

Knowledge, Skills & Abilities

  • Familiar with vulnerability assessments processes, penetration testing techniques and audit procedures.
  • Experience performing application and infrastructure penetration tests both manually and automated.
  • Experience writing proof-of-concept exploits.
  • Well versed in system, network, and web application exploitation (Buffer Overflows, VLAN hopping, cross-site scripting).
  • Ability to work at a senior level when executing and improving work processes to ensure achievement of business goals.
  • Experience with information security control practices and frameworks (e.g., CIS CSC, ATT&CK, OWASP, PTES, NIST, etc.) is strongly preferred.
  • Experience in multiple development languages (JavaScript, HTML, XML, Perl, VB, .Net, etc.).
  • Well versed with security tools and frameworks (Tenable, Metasploit, Core, AppScan, etc.).
  • Extensive understanding of cryptographic concepts and applied cryptography.
  • Proficiency in one or more scripting language (Perl, Python, Shell Scripting etc.).
  • Excellent written and verbal communication skills.
  • Excellent applied critical thinking and troubleshooting skills.
  • Requires comprehensive knowledge and mastery in assigned areas applying skills and competencies in challenging and complex situations.
  • Ability to work independently and in a team environment.
  • Experience leading projects and team activities.

 

Education and Experience

  • Bachelor’s degree or equivalent work experience.
  • 5-8 years of increasing responsibility in Information Technology, Information Security or Compliance required.
  • CISSP Preferred.
  • Additional relevant industry certification(s) preferred.
Dice Id : 10106065
Position Id : REQ-00187
Originally Posted : 3 months ago
Have a Job? Post it

Similar Positions

Senior Information Security Engineer - Duo Security
  • Cisco Systems, Inc.
  • Ann Arbor, MI
Security Engineer
  • Domino's Pizza
  • Ann Arbor, MI
IT Operations Compliance Specialist
  • Scigon Solutions
  • Ann Arbor, MI
Associate Security Consultant
  • Nuspire Networks
  • Commerce Charter Township, MI
Cybersecurity Infrastructure Staff IT Auditor
  • Robert Half Technology
  • Ann Arbor, MI
Application Security Architect
  • United Shore
  • Pontiac, MI
Cyber Security Infrastructure IT Auditor
  • Kforce Technology Staffing
  • Ann Arbor, MI
Infrastructure Security Architect
  • Stefanini, Inc.
  • Auburn Hills, MI
IT Security Specialist
  • Fast Switch, Ltd.
  • Troy, MI
IT Cyber Security Engineer / Architect
  • Systems Technology Group Inc. (STG)
  • Farmington Hills, MI